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In the Claims 

Please replace all prior versions, and listings, of claims in the application with the 
following list of claims: 

1 . (Currently Amended) A data management method for managing access to a 
plurality of volumes of a storage system by at least two devices coupled to the storage system 
through a network, the method comprising steps of 

receiving, over the network at the storage system, encryption information provided by at 
least one of the at least two devices: 

transferring an expected access key between the storage system and the at least one of the 
at least two devices, the expected access key encrypted using the encryption information: 

receiving over the network at the storage system a request from one of the at least two 
devices for access to at least one of the plurality of volumes of the storage system, the request 
identifying the at least one of the plurality of volumes in the storage system^ and including a 
request access key [rrepresented source of the request]]; and 

selectively servicing, at the storage system, the request responsive to configuration data 
indicating that the one of the at least two devices is authorized to access the at least one of the 
plurality of volumes, wherein the step of selectively servicing comprises a step of verifying that 
the represented source of the request is the one of the at least two devices that issued the request 
based, at least in part, on a comparison between the request access key and the expected access 
key . 

2. (Currently Amended) The data management method according to claim 1, 
wherein the configuration data is stored in the storage system in a configuration table comprising 
a plurality of records, each of the records including an identifier and information indicating 
which of the volumes of data are available to a device associated with the corresponding 
identifier, and wherein the step of selectively servicing further includes steps of: 

receiving the request at the storage system issued by the one of the at least two devices, 
the request including a source identifier identifying the one of at the at least two devices that 
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initiated the request and an address to one of the volumes of the plurality of volumes in the 
storage system; and 

determining whether to service the request responsive at least to a portion of the 
configuration data associated with the source identifier and the address of the one of the 
volumes. 

3. (Previously Presented) The data management method according to claim 1, the 
method including a step of: 

forwarding the request from the one of the at least two devices to the storage system over 
the network. 

4. (Original) The data management method according to claim 3, wherein the step 
of forwarding includes forwarding the request using a Fibre Channel protocol. 

5. (Canceled) 

6. (Currently Amended) The data management method according to claim [[5]]2, 
wherein the expected access key includes access information generated at the storage system 
independent of information provided in the source identifier identifying the respective one of the 
at least two devices, and wherein the step of [[authenticating]] receiving encryption information 
provided by each of the at least two devices is performed before the step of receiving the request 
[[further comprises a step of comparing an expected identifier associated with the request against 
an authenticating identifier received with the request to determine whether the expected identifier 
and authenticating identifier match]]. 

7. (Currently Amended) The data management method according to claim 6, 
wherein the [[authenticating identifier]] request access key is encrypted using a key associated 
with the one of the at least two devices that issued the request. 



8. (Currently Amended) The data management method according to claim 7, 
wherein the step of [[authenticating]] verifying further comprises a step of: 
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decrypting [[a portion of]] the request access key at the storage system using a decryption 
key associated with and initially provided by the one of the at least two devices [[that issued]] 
identified in the request. 

9. (Original) The data management method according to claim 1, wherein the one of 
the at least two devices is a host processor, and wherein the step of forwarding includes the step 
of forwarding the request from the host processor to the storage system. 

10. (Original) The data management method according to claim 1, wherein at least 
one of the at least two devices is a file server and wherein the step of forwarding includes the 
step of forwarding the request from the file server to the storage system. 

1 1 . (Original) The data management method according to claim 1 , wherein the 
storage system includes a plurality of disk drives, and wherein the step of selectively servicing 
includes the step of forwarding the request to one of the plurality of disk drives. 

12. (Original) The data management method according to claim 1, further comprising 
a step of: 

validating the request from the one of the at least two devices at the storage system to 
verify that the request was not altered during transit. 

13. (Original) The data management method according to claim 2, wherein the 
configuration table comprises a plurality of records arranged in an array including a plurality of 
rows corresponding to a number of volumes of data available at the storage system and a 
plurality of columns corresponding to a number of ports available at the storage system, and 
wherein each of the records includes a bitmap having a bit corresponding to each device 
authorized to access each of the corresponding ports, and wherein the step of determining 
whether to service the request comprises steps of: 

indexing the configuration database using the address provided in the request to identify 
an indexed record; and 
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comparing the bitmap of the indexed record with the source identifier to determine 
whether a bit of the bitmap associated with the source identifier indicates that the one of the at 
least two devices associated with the source identifier has access to the volume of the storage 
system associated with the indexed record. 

14. (Original) The data management method according to claim 1, wherein the step 
of selectively servicing further comprises steps of: 

servicing a first request issued by a first one of the at least two devices for access to a 
first portion of data in the storage system responsive to configuration data associated with the 
first one of the at least two devices and an address of the first portion of data specified the first 
request; and 

precluding a second request issued by a second one of the at least two devices for access 
to the first portion of data in the storage system from being serviced responsive to configuration 
data associated with the second one of the at least two devices and the address of the first portion 
of data specified in the second request. 

15. (Currently Amended) A computer readable medium comprising: 

a first data structure to manage accesses by a plurality of devices to volumes of data at a 
storage system over a communication network, the storage system managing access responsive 
to requests that each identifies one of the plurality of volumes of the storage system to be 
accessed and one of the plurality of devices that is represented as having issued the request, the 
first data structure comprising a plurality of records corresponding to the plurality of devices, the 
plurality of records comprising at least one record corresponding to one of the plurality of 
devices and including configuration information having at least one identifier that identifies 
which of the volumes of the storage system the one of the plurality of devices is authorized to 
access, and [authentication information] an access key previously transferred between at least 
one of the plurality of devices and the storage system, the access key encrypted with encryption 
information initially provided by the at least one of the plurality of devices, the access key being 
[[that can be]] used by the storage system to determine whether the one of the plurality of 
devices that issued the request is the corresponding one of the plurality of devices. 
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16. (Original) The computer readable medium according to claim 15, in combination 
with the storage system, wherein the computer readable medium is a memory of the storage 
system. 

17. (Previously Presented) The combination according to claim 16, in further 
combination with the plurality of devices and the communication network, wherein the storage 
system and the plurality of devices are coupled to communicate over the communication 
network. 

18. (Original) The combination of claim 17, wherein the storage system and the 
plurality of devices communicate according to a Fibre Channel network protocol. 

19. (Original) The combination according to claim 16, wherein the storage system 
further comprises: 

a second data structure comprising a plurality of records that form a copy of a subset of 
the plurality of records in the first data structure, wherein the subset of the plurality of records in 
the second data structure is associated with a subset of the plurality of devices that are logged 
into the storage system. 

20. (Original) The combination according to claim 19, wherein the second data 
structure further comprises: 

an array of records having a plurality of columns corresponding to the volumes of data at 
the storage system and a plurality of rows corresponding to a plurality of ports of the storage 
system, each record in the array including at least one bit corresponding to each of the plurality 
of devices. 

21 . (Currently Amended) A storage system comprising: 

at least one storage device apportioned into a plurality of volumes; 

a configuration table to store configuration data identifying which of a plurality of 
devices coupled to the storage system via a network are authorized to access [[each]] which of 
the plurality of volumes and to store an expected access key for at least one of the plurality of 
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devices, the expected access key transferred between the at least one of the plurality of devices 
and the storage system and encrypted for the transfer using encryption information initially 
provided by the at least one of the plurality of devices ; and 

a filter, responsive to the configuration data, to selectively forward to the at least one 
storage device requests for access to the plurality of volumes received from the plurality of 
devices over the network, wherein each request identifies at least one of the plurality of devices 
that is represented to the storage system as having issued the request and a request access key , 
and wherein the filter is adapted to verify , based at least in part on a comparison between the 
request access key and the expected access key, that the at least one of the plurality of devices 
identified in at least one of the requests as having issued the at least one of the requests is the 
device that issued the at least one of the requests. 

22. (Original) The storage system according to claim 21, wherein the filter forwards 
a request to a volume for servicing by the storage system responsive to the configuration data 
indicating that the one of the plurality of devices that issued the request is authorized to access 
the volume. 

23. (Original) The storage system according to claim 21, wherein the filter precludes 
a request to a volume from being serviced by the storage system responsive to the configuration 
data indicating that the one of the plurality of devices that issued the request is not authorized to 
access the volume. 

24. (Currently Amended) The storage system according to claim 21 , wherein the 
configuration table comprises a number of records, each record including an identifier and a 
map, the map indicating which volumes of the storage system are capable of being accessed by a 
device associated with the identifier, wherein each request received at the filter includes a source 
identifier identifying the one of the plurality of devices that issued the request and an address to 
one of the plurality of volumes, and wherein the filter fiirther comprises: 

a comparator to compare each request against the information in a selected record in the 
configuration table associated with the request to determine whether the one of the plurality of 
devices that issued the request is authorized to access the volume. 
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25. (Original) The storage system according to claim 24, wherein an identifier in the 
selected record corresponds to the source identifier of the request. 

26. (Previously Presented) The storage system according to claim 21, in combination 
with the plurality of devices and wherein the network couples the storage system to the plurality 
of devices. 

27. (Original) The combination of claim 26, wherein the storage system and the 
plurality of devices communicate over the network using a Fibre Channel network protocol. 

28. (Canceled) 

29. (Original) The storage system according to claim 21, further comprising: 
means for validating a request received at the storage system to verify that the request 

was not altered in transit. 

30. (Original) The storage system according to claim 21, wherein the at least one 
storage device includes a plurality of disk drives. 

3 1 . (Original) The combination according to claim 26, wherein at least one of the 
plurality of devices is a host processor. 

32. (Original) The combination according to claim 26, wherein one of the plurality of 
devices is a file server. 



